Phase C - Threat Profiling

Phase C of the assessment centres around profiling the threats within the scope of the assessment, building out the threat landscape of the environment.

Stage C1/2 - Threats & Attributes

Stage C1/2 is used to define the threats that apply in the scope of this assessment, and then to assess the threat attributes they possess.

To begin, select all the desired Threats to assess from the Common Threat List (CTL) using the Import from Form functionality to populate this form. Use the check box in the top left most corner of the selection window to import all items. With the populated form, each Threat will be listed with “0” Threat Attributes. Click on each of these to assess each Threat by its attributes to generate a threat profile via the Likelihood of Initiation (LoI) and Threat Strength (TS) scores.

This is a link to the Threat Attributes form, which is created when a threat is chosen.

4

LoI and TS

This refers to the Likelihood of Initiation (LoI) and Threat Strength (TS), which is brought through if calculated in the Threat Attributes form.

Threat Attributes

The threat attributes form allows for the profiling of each threat by its attributes.

To begin, select all the threat attributes from the Threat Profile Reference Table (TPRT) using the Import from Form functionality to populate this form. Use the check box in the top left most corner of the selection window to import all items. This will bring through all the threat attributes relating to the group this threat belongs to.

For each attribute for the threat, assess the impact using the impact ratings scale determined in Getting Started. Likelihood of Initiation (LoI) and Threat Strength (TS) scores will be generated automatically based on this selection based on the settings in the Threat Profile Reference Table (TPRT).

This is a free text field where you can add the rationale for choosing the threat attribute and its score.

5

LoI & TS

These are fields which are calculated based on whether LoI and TS have been chosen to be included or excluded in the Threat Profile Reference Table (TPRT), and the score chosen for the threat attribute.

Stage C3 - Prioritised Threat Landscape

The prioritised threat landscape provides a form to prioritise the threats that may affect your business.

To begin, select all the threats from Stage C1/2 using the Import from Form functionality to populate this form. Use the check box in the top left most corner of the selection window to import all items. This will bring through all the threats from the previous stage.

For each threat, review the calculated Likelihood of Initiation (LoI) and Threat Strength (TS) and override where appropriate to prioritise the threats based on your organisation’s experiences.

The calculated fields under LoI and TS is the fields calculated within the Threat Attributes within Stage C1/2 – Threats & Attributes. You can then use the override field, which is a reference field to the Impact Ratings, to choose a different rating for the LoI and TS of the threat.

4

Comments

This is a free text field where you can add extra comments about the threat and it’s LoI and TS ratings, for example the reason for the override.

Stage C4/5 - Scope and Map Threat Events & Information Assets

This stage provides an area to scope the threats that were prioritised in Stage C3 and mapping the threat events and components associated with each threat.

To begin, select the threats from Stage C3 that warrant further assessment using the Import from Form functionality to populate this form. If desired, use the check box in the top left most corner of the selection window to import all items. It is recommended that this stage is used to filter out low threats to avoid spending time on assessing low risks.

With the populated form, each Threat will be listed with “0” Mapped Threat Events. Click on each of these to assess each Threat by its events to generate a scope of events that each threat actor may undertake.

Mapped Threat Events

This is a form where you select all the possible threat events associated with the given threat.

To begin, select the Threat Events from the Threat Event Catalogue (TEC) that this Threat Actor may undertake using the Import from Form functionality to populate this form. If desired, use the check box in the top left most corner of the selection window to import all items. It is recommended that this stage is used to filter out low threats to avoid spending time on assessing low risks. This will bring through all the selected threat events. Note that only Threat Events where the Initiation Strength is equal to or less than the Threat Strength assessed for a Threat will be made available here.

With the populated form, each Threat Event will be listed with “0” Mapped Components. Click on each of these to map each Threat Event to the components that are vulnerable to that sort of activity.

This is a link to a Mapped Components form, which is created when a threat event is chosen.

Mapped Components

This is a form where you select all components associated with the threat event.

To begin, select the Components from the central Components Library that may be vulnerable to the given Threat Event using the Import from Form functionality to populate this form. If desired, use the check box in the top left most corner of the selection window to import all items. This will bring through all the selected components, mapped to the current threat event.

Complete this for all Threat Events for the given Threat.

Item

Title

Description

1

Components

This is a reference field where you can select a component from the Components form.

2

Information Assets

When you select the component within the Components form, this has a selected Information Asset associated with it. This field then pulls this information through.

C Summary: Asset Threat Event Map

This phase summarises the results of stages C1-5 into the Asset Threat Event Map. This doesn’t require any user activity other than to pull through the results from the earlier stages.

To complete this stage, pull through all items into the summary form using the Import from Form to populate it with all the inherent risks generated via the earlier stages. Be sure to import all using the check box in the top left most corner of the selection window. With the populated register, evaluate the results to ensure that they are acceptable before proceeding with the remainder of the assessment.

Item

Title

Description

1

Threat Details

These are details of the threat event and threat details which have been mapped to by the component, which will fill in with details once the component field has been selected.